New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 898942 link

Starred by 2 users
Status: Available
Owner: ----
Cc:
rbyers@chromium.org
cdu...@apple.com
erikc...@chromium.org
palmer@chromium.org
chrome-perf-bugs@google.com
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Feature



Sign in to add a comment

Experiment: Anchor target=_blank implies rel=noopener

Project Member Reported by jasonjmi...@google.com, Oct 25 
As released experimentally in Safari TP today:
https://twitter.com/chris_dumez/status/1055308539042816002
https://webkit.org/blog/8475/release-notes-for-safari-technology-preview-68/
https://trac.webkit.org/changeset/237144/webkit/

This makes `<a target="_blank">` for external links imply the behavior of `rel="noopener"` by default.

Comment 1 by erikc...@chromium.org, Oct 25 

This is a great idea, if it doesn't terribly break the web. Maybe we should try it out too?

Comment 2 by rbyers@chromium.org, Oct 25

Cc: cdu...@apple.com
/cc Chris who is making this change in WebKit.

This sounds great for security to me! Is it possible we could easily add a UseCounter for accessing the opener from such windows (either before or after making this change)? I know some sites enumerate the whole global object, so maybe it's not useful to monitor for calls to the window.opener getter. 

Regardless, trying this out in Chrome too will get us additional data on the compat risk that Chris may not be able to get from Safari TP alone. FWIW, even if there's a little site breakage, I suspect this change would be worth making - we'll just need to follow the blink breaking change process...

Comment 3 by chrishtr@chromium.org, Oct 26

Components: -Blink Security Blink>Loader Blink>DOM

Comment 4 by rakina@chromium.org, Jan 10

Labels: Pri-3
Status: Available (was: Unconfirmed)

Sign in to add a comment